Debate still rages on federal use of cookies

The comment period about using technology to track visitors on government Web sites may be over, but the debate about changing the government's policy continues, based on comments from advocacy groups, agencies, industry and the public.

Officials of the Office of Management and Budget are re-evaluating a policy that bans the use of Web tracking technology on federal Web sites. The tracking technologies, including persistent cookies, are common on commercial Web sites, but were banned from government sites to protect people's privacy, according to OMB.

The policy needs to be changed so government agencies can provide an improved and customized experience for visitors to agency Web sites, according to OMB. Web tracking technologies make it possible for a site to remember each visitor's preferences and information. They also are necessary for using sophisticated analysis tools, which provide managers with information about how visitors use sites.

In comments posted on a Web forum set up by the Office of Management and Budget, the American Civil Liberties Union said allowing Web tracking and persistent cookies would constitute a “sea change in government privacy policy.”

“No American should have to sacrifice privacy or risk surveillance in order to access free government information,” said Christopher Calabrese, counsel for the ACLU's Technology and Liberty Project. “No policy change should be adopted without wide-ranging debate, including information on the restrictions and uses of cookies as well as impact on privacy.”

A comment from a person who said he is a senior analyst for the Internal Revenue Service said the federal government’s policies on cookies have been outdated for a long time.

“There are many applications which require the use of cookies and our external stakeholders need these applications,” the comment by Jeff Smith states.

Valerie Allen, who describes herself as a Web manager for government sites hosted by the Energy Department’s Office of Scientific and Technical Information, supports allowing persistent cookies.

Cookies could let agencies analyze how non-identified patrons move through Web sites and see what visitors find most valuable, Allen said. Cookies could also eliminate the need to log in for certain Web site features such as alerts systems, she said.

And it would be possible to provide automated recommendations on new or related content if cookies were allowed, Allen said.

Even though cookies are widely used on commercial Web sites, that should not necessarily be a factor in rewriting the federal policy, said Daniel Solove, a George Washington University law professor and author of the book “Understanding Privacy.”

“Most people generally are unaware of the full extent they are being tracked and how much of their personal information is being stored,” Solove said. “Cookies are certainly very useful, but there are ways to limit the extent of information they gather, how long it is kept, and how it is used.”

Federal agencies are different than private businesses because government Web sites directly relate to people’s political activities and interests, Solove said.

“One of the hallmarks of our constitutional democracy is the ability of citizens to find out information about their government, and this might be jeopardized if the cost for doing so is to lose one’s privacy,” he said.

If the federal policy is revised, Solove said, people should be explicitly informed whenever a cookie is placed on their computer or whenever they are tracked. There should also be an easy way to opt out of having cookies placed on a user’s computer, he said.

“The government should be strictly limited in how it can collect and use the data,” he said. “The data should only be collected and used for purposes that significantly enhance the Web experience. No other collection or uses should be permitted.”

The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.